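<?php
/*
 * Student registration / profile-edit page.
 *
 *   GET  without xh   -> empty registration form
 *   GET  ?xh=<id>     -> edit form for that student (owner or admin only)
 *   POST              -> validate, write the row, redirect to index.php
 *
 * All request handling happens here, before any HTML is emitted, so the
 * Location header sent after a successful POST does not depend on output
 * buffering being enabled ("headers already sent").
 *
 * Variables consumed by the template below:
 *   $title    string  '修改' when editing, '注册' when registering
 *   $r        array   values to pre-fill the form with (the DB row when editing)
 *   $hasRight bool    whether the visitor may submit the form
 *   $msg      string  error text for the .msg box ('' when none)
 *   $h        Closure HTML escaper applied to every user- or DB-sourced value
 *   $disabled string  'disabled' attribute when the form is read-only
 *
 * NOTE(review): the form carries no CSRF token, the DB credentials are
 * hard-coded, and pwd is written to the students table (and kept in
 * $_SESSION['user']) in plaintext. Moving to password_hash() here requires
 * the login code, which is not on this page, to use password_verify().
 */

$h = static fn ($v): string => htmlspecialchars((string) $v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

$xh = (string) ($_GET['xh'] ?? '');
$title = $xh !== '' ? '修改' : '注册';
$r = [];
$msg = '';
$hasRight = false;

try {
    $db = new PDO("mysql:host=localhost; dbname=db", 'root', 'root', [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, // the catch blocks below rely on exceptions
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
    session_start();
    $sessionUser = $_SESSION['user'] ?? null;

    // Owner or admin may edit. Both ids are compared as strings so that a
    // missing session and a missing id can never "match" each other.
    $hasRight = $sessionUser !== null
        && ((string) ($sessionUser['xh'] ?? '') === $xh || !empty($sessionUser['isAdmin']));

    if ($_POST !== []) {
        $pwd = (string) ($_POST['pwd'] ?? '');
        if ($pwd !== (string) ($_POST['pwd2'] ?? '')) {
            throw new Exception('两次输入的密码不一致，请重新输入');
        }
        if ($pwd !== '') {
            // Policy kept as-is: [a-z] is the "letter" class, so an upper-case
            // letter counts as an "other character" rather than a letter.
            if (preg_match('@^(?=.*?\d)(?=.*?[a-z])(?=.*?[^0-9a-z]).{3,20}$@', $pwd) !== 1) {
                throw new Exception('密码需要3~20个字符，必须同时包含字母、数字及其他字符');
            }
        } elseif ($xh === '') {
            throw new Exception('注册用户必须提供密码');
        }

        // Whitelist of columns taken from the request; any other POST field is ignored.
        $fields = [
            'xh'   => (string) ($_POST['xh'] ?? ''),
            'name' => (string) ($_POST['name'] ?? ''),
            'tel'  => (string) ($_POST['tel'] ?? ''),
            'age'  => (string) ($_POST['age'] ?? ''),
        ];
        $values = array_values($fields);

        if ($xh !== '') {
            if (!$hasRight) {
                throw new Exception('sorry,你没有操作权限');
            }
            if ($pwd === '') {
                // Blank password means "keep the current one": leave the column untouched
                // instead of copying the *editor's* password out of the session, which
                // would overwrite a student's password with the admin's when an admin edits.
                $ps = $db->prepare('update students set xh=?,name=?,tel=?,age=? where xh=?');
                $ps->execute([...$values, $xh]);
            } else {
                $ps = $db->prepare('update students set xh=?,name=?,tel=?,age=?,pwd=? where xh=?');
                $ps->execute([...$values, $pwd, $xh]);
            }
            if ($sessionUser !== null && (string) ($sessionUser['xh'] ?? '') === $xh) {
                // Refresh the editor's own profile in the session. Only the whitelisted
                // columns are merged, so server-side flags such as isAdmin cannot be
                // injected through the form.
                $_SESSION['user'] = array_merge($sessionUser, $fields);
                if ($pwd !== '') {
                    $_SESSION['user']['pwd'] = $pwd;
                }
            }
        } else {
            $ps = $db->prepare('insert into students (xh,name,tel,age,pwd) values (?,?,?,?,?)');
            $ps->execute([...$values, $pwd]);
        }
        header(header: 'Location:index.php');
        return;
    }

    if ($xh !== '') {
        // Authorise before querying so an unauthorised visitor learns nothing
        // about whether the id exists.
        if (!$hasRight) {
            throw new Exception('sorry,你没有操作权限');
        }
        $ps = $db->prepare('select * from students where xh=?');
        $ps->execute([$xh]);
        $row = $ps->fetch();
        if ($row === false) {
            throw new Exception('没有找到该学号');
        }
        $r = $row;
    } else {
        // Registration is open to anyone.
        $hasRight = true;
    }
} catch (PDOException $e) {
    // Raw driver messages (host names, SQL fragments) stay in the server log.
    error_log($e->getMessage());
    $msg = '数据库操作失败，请稍后重试';
} catch (Exception $e) {
    // Validation / authorisation failures raised above are shown to the user.
    $msg = $e->getMessage();
}

$disabled = $hasRight ? '' : 'disabled';
?>
<!doctype html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport"
          content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">
    <title><?= $title ?>用户信息</title>

    <style>
        h1{color: red;}
        input{padding: 10px;margin: 6px;border-radius: 6px;}
        .msg{color: red;margin: 20px 0;}
    </style>

</head>
<body>
<h1><?= $title ?>用户信息</h1>
<form method="post">
    学号:<input type="text" name="xh" value="<?= $h($r['xh'] ?? '') ?>" <?= $disabled ?>><br>
    姓名:<input type="text" name="name" value="<?= $h($r['name'] ?? '') ?>" <?= $disabled ?>><br>
    电话:<input type="text" name="tel" value="<?= $h($r['tel'] ?? '') ?>" <?= $disabled ?>><br>
    年龄:<input type="text" name="age" value="<?= $h($r['age'] ?? '') ?>" <?= $disabled ?>><br>
    密码:<input type="password" name="pwd" <?= $disabled ?>> <b><?=
        $xh !== '' && $msg === '' ? '留白将不会修改原来的密码' : '3~20个字符，必须同时包含字母、数字及其他字符' ?></b><br>
    确认密码:<input type="password" name="pwd2" <?= $disabled ?>><br>
    <div class="msg"><?= $h($msg) ?></div>
    <input type="submit" value="提交数据" <?= $disabled ?>>
</form>

</body>
</html>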

